Closed Arszilla closed 3 years ago
github-actions[bot]
commented
3 years ago Looks like your first issue -- we aim to respond to issues as quickly as possible. In the meantime, check out our documentation here: http://caldera.readthedocs.io/
uruwhy
commented
3 years ago @Arszilla could you try disabling the emu plugin in your configuration file to see if those messages disappear? This will help us figure out if that plugin is the affected component of your installation.
Arszilla
commented
3 years ago @Arszilla could you try disabling the
emuplugin in your configuration file to see if those messages disappear? This will help us figure out if that plugin is the affected component of your installation.
When emu was turned off, the issue went worse:
2021-09-08 20:47:47 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 4f7d21c9-ea31-4943-ad8a-efbbeeccdd7d but not found: Modified-SysInternalsSuite.zip
2021-09-08 20:47:47 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 4f7d21c9-ea31-4943-ad8a-efbbeeccdd7d but not found: Modified-SysInternalsSuite.zip
2021-09-08 20:47:47 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in f320eebd-e75b-4194-b529-79e64ad0b9ee but not found: stepThirteen.ps1
2021-09-08 20:47:47 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in f320eebd-e75b-4194-b529-79e64ad0b9ee but not found: stepThirteen.ps1
2021-09-08 20:47:47 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in e4cdb5c6-d322-3b6e-ac8e-68b2e8a7dd4c but not found: adfind.exe
2021-09-08 20:47:47 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 96140694-6d13-40b6-9553-0e63533469f3 but not found: stepThirteen.ps1
2021-09-08 20:47:47 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 96140694-6d13-40b6-9553-0e63533469f3 but not found: stepThirteen.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in b6026408-c815-47ca-bbb0-6b74591badc8 but not found: tcping.exe
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in a34ab8f2-a106-41fb-af0b-cf5382bd18ae but not found: stepThirteen.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in a34ab8f2-a106-41fb-af0b-cf5382bd18ae but not found: stepThirteen.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 9d543214-6476-429a-9ca1-cf12233b808c but not found: netsess.exe
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 2738b811-a360-4a4f-af9d-704343ebab4d but not found: adfind.exe
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 0cfadbcb-ec21-44ae-adb7-9a23176dd620 but not found: stepThirteen.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 0cfadbcb-ec21-44ae-adb7-9a23176dd620 but not found: stepThirteen.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 5b24eef2-7a7f-4d34-8cab-e588074c59bc but not found: adfind.exe
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in d04a02e1-a05c-46f8-adf0-c036266fe0a1 but not found: pillowMint.exe
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in d04a02e1-a05c-46f8-adf0-c036266fe0a1 but not found: pillowMint.exe
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 2b5a72b1-01e4-48ae-98b0-2570a7894371 but not found: stepTwelve.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 2b5a72b1-01e4-48ae-98b0-2570a7894371 but not found: stepTwelve.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in f9c0b150-822f-497b-ad6d-187f24561e9a but not found: stepTwelve.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in f9c0b150-822f-497b-ad6d-187f24561e9a but not found: stepTwelve.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in a42be479-fc26-4d7c-9e63-7a9b74e4c8d2 but not found: stepSixteen_SID.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in a42be479-fc26-4d7c-9e63-7a9b74e4c8d2 but not found: stepSixteen_SID.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in e44a39ce-0651-3ddd-8f05-f83aa2ffd657 but not found: adfind.exe
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in d30692dd-779f-4a40-b947-de23dabbb033 but not found: adfind.exe
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 02a96c18-f700-482d-88a8-bd311f6c41dc but not found: adfind.exe
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 5df12481-9d8c-4235-b550-9cefc8ed7361 but not found: ps.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 5df12481-9d8c-4235-b550-9cefc8ed7361 but not found: ps.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 814005f7-c8d3-45c8-aea2-45758b2d6e90 but not found: nbtscan.exe
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 43aad2d6-d16a-4adb-aa2b-9510a3be4c52 but not found: stepFifteen_wmi.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 43aad2d6-d16a-4adb-aa2b-9510a3be4c52 but not found: stepFifteen_wmi.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 5f3f7045-ae92-4a3e-8b39-35e4f8cc3038 but not found: keylogger.exe
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 5f3f7045-ae92-4a3e-8b39-35e4f8cc3038 but not found: keylogger.exe
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 0b1841bd-ef8b-475c-bce7-8fcb2860984a but not found: Get-Screenshot.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 0b1841bd-ef8b-475c-bce7-8fcb2860984a but not found: Get-Screenshot.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in fc231955-774f-442c-ac0e-e74dfda50c5c but not found: stepSeventeen_zip.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in fc231955-774f-442c-ac0e-e74dfda50c5c but not found: stepSeventeen_zip.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in fd27fe6c-4846-4e94-aef9-f6bc21ab0f0e but not found: 7za.exe
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 453cb643-892b-475d-8db9-df61289749f1 but not found: take-screenshot.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 453cb643-892b-475d-8db9-df61289749f1 but not found: take-screenshot.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 22ddbc4f-fb5d-4785-8bc8-373da2f3e176 but not found: dumpWebCreds.exe
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 22ddbc4f-fb5d-4785-8bc8-373da2f3e176 but not found: dumpWebCreds.exe
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in b1dcc53a-c86c-46ba-8a3d-e1da74a8db3c but not found: stepSeventeen_email.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in b1dcc53a-c86c-46ba-8a3d-e1da74a8db3c but not found: stepSeventeen_email.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 160a1e0f-0f9b-49bb-a0fe-7e362b51737f but not found: rar.exe
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 1345bff7-6f26-43b2-a92a-9aabccdb3db0 but not found: update.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 1345bff7-6f26-43b2-a92a-9aabccdb3db0 but not found: Invoke-BypassUACTokenManipulation.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 1345bff7-6f26-43b2-a92a-9aabccdb3db0 but not found: update.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 1345bff7-6f26-43b2-a92a-9aabccdb3db0 but not found: Invoke-BypassUACTokenManipulation.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 088b8639-3f37-42cc-9dc8-01aabb645461 but not found: update.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 088b8639-3f37-42cc-9dc8-01aabb645461 but not found: Invoke-PSInject.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 088b8639-3f37-42cc-9dc8-01aabb645461 but not found: update.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 088b8639-3f37-42cc-9dc8-01aabb645461 but not found: Invoke-PSInject.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in f820b93d-6176-4a72-a138-a70b0b549c49 but not found: wipe.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in f820b93d-6176-4a72-a138-a70b0b549c49 but not found: wipe.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 9a76889c-9518-4b3e-9c87-6618156015c6 but not found: hollow.exe
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 9a76889c-9518-4b3e-9c87-6618156015c6 but not found: paexec.exe
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 9a76889c-9518-4b3e-9c87-6618156015c6 but not found: hollow.exe
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 9a76889c-9518-4b3e-9c87-6618156015c6 but not found: paexec.exe
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 82d2f5c7-7561-4d91-96d2-959473b9ad2b but not found: stager.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 82d2f5c7-7561-4d91-96d2-959473b9ad2b but not found: stager.ps1
2021-09-08 20:47:48 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in ab48e12f-def0-40a4-b3d9-ad958f45202a but not found: BOOSTWRITE.dll
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 5226e5dc-fc28-43b7-a679-0db49d520402 but not found: stepFourteen_bypassUAC.ps1
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 5226e5dc-fc28-43b7-a679-0db49d520402 but not found: stepFourteen_bypassUAC.ps1
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 9b518cfb-125f-466e-872b-4f8171773ce5 but not found: StealToken.ps1
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 9b518cfb-125f-466e-872b-4f8171773ce5 but not found: StealToken.ps1
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 03afada1-1714-408f-bde5-f528b91dc89d but not found: StealToken.ps1
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 03afada1-1714-408f-bde5-f528b91dc89d but not found: StealToken.ps1
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 1b9e018d-986d-42d9-bb8b-0e104e98ce9c but not found: StealToken.ps1
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 1b9e018d-986d-42d9-bb8b-0e104e98ce9c but not found: StealToken.ps1
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 9fefcde6-083a-4440-8eca-dc03d30c0bcb but not found: StealToken.ps1
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 9fefcde6-083a-4440-8eca-dc03d30c0bcb but not found: StealToken.ps1
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 68b588bc-002a-42dc-bac7-9189f944065b but not found: monkey.png
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 68b588bc-002a-42dc-bac7-9189f944065b but not found: monkey.png
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 4a2ad84e-a93a-4b2e-b1f0-c354d6a41278 but not found: timestomp.ps1
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 4a2ad84e-a93a-4b2e-b1f0-c354d6a41278 but not found: timestomp.ps1
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 6b90da47-13d0-48fc-8f07-0a1e6d5d876e but not found: StealToken.ps1
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 6b90da47-13d0-48fc-8f07-0a1e6d5d876e but not found: StealToken.ps1
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in fe3d4de1-50bf-4241-9546-72dc757e696f but not found: secretsdump.exe
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 1dba454c-0e4f-4fe0-8bc9-b17e8c5c9a24 but not found: m.exe
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 1dba454c-0e4f-4fe0-8bc9-b17e8c5c9a24 but not found: m.exe
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 267bad86-3f06-49f1-9a3e-6522f2a61e7a but not found: Invoke-Mimikatz.ps1
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 267bad86-3f06-49f1-9a3e-6522f2a61e7a but not found: Invoke-Mimikatz.ps1
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in c4f4b13c-87b6-498c-b814-93570173068c but not found: dmevals.local.pfx
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in c4f4b13c-87b6-498c-b814-93570173068c but not found: dmevals.local.pfx
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 4ef6009d-2d62-4bb4-8de9-0458df2e9567 but not found: stepFourteen_credDump.ps1
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 4ef6009d-2d62-4bb4-8de9-0458df2e9567 but not found: stepFourteen_credDump.ps1
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in ffb50e17-cb3c-4424-a4e7-99e3885f22cc but not found: mimikatz.exe
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 97412b40-4940-4da1-8bff-6f11d42bca26 but not found: wce.exe
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in e74554b8-0bc9-3d50-95a4-e45421925b49 but not found: dnscat2.ps1
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 2d18c8ec-4593-49dc-9bf4-11d0673d6ae6 but not found: upload.ps1
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 2d18c8ec-4593-49dc-9bf4-11d0673d6ae6 but not found: upload.ps1
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in a612311d-a802-48da-bb7f-88a4b9dd7a24 but not found: upload.ps1
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in a612311d-a802-48da-bb7f-88a4b9dd7a24 but not found: upload.ps1
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 78d94199-7e0e-442b-81a6-32f8e419a7ac but not found: putty.exe
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 68e209dd-f354-4adc-8bc6-e85a3e55a7f4 but not found: upload.ps1
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 68e209dd-f354-4adc-8bc6-e85a3e55a7f4 but not found: upload.ps1
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in ea4bc858-ba13-4f97-9df3-c543d8f3d44c but not found: pscp.exe
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 6824cbb6-f3e1-4081-8a63-d72ae368cb23 but not found: pscp.exe
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 89b84389-036e-4c3d-a490-bf8ba50bffe8 but not found: 7za.exe
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 89b84389-036e-4c3d-a490-bf8ba50bffe8 but not found: 7za.exe
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 4b1748e5-532c-453c-b195-557ce5550fef but not found: psexec.exe
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in acecc8f7-18c2-41fd-87bc-39ffd644e4e9 but not found: invoke-winrmsession.ps1
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in acecc8f7-18c2-41fd-87bc-39ffd644e4e9 but not found: m.exe
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in acecc8f7-18c2-41fd-87bc-39ffd644e4e9 but not found: invoke-winrmsession.ps1
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in acecc8f7-18c2-41fd-87bc-39ffd644e4e9 but not found: m.exe
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in bddc0abc-07a0-41b7-813f-e0c64d9226b3 but not found: sandcat.go-windows-upx
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in bddc0abc-07a0-41b7-813f-e0c64d9226b3 but not found: sandcat.go-windows-upx
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 473e5707-5786-4f53-934f-22175c1059b0 but not found: uac-bypass.ps1
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 473e5707-5786-4f53-934f-22175c1059b0 but not found: attackkatz.exe
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 473e5707-5786-4f53-934f-22175c1059b0 but not found: uac-bypass.ps1
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 473e5707-5786-4f53-934f-22175c1059b0 but not found: attackkatz.exe
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 08e57385-dbce-4850-8bb7-589ef79465ab but not found: rar.exe
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 08e57385-dbce-4850-8bb7-589ef79465ab but not found: rar.exe
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 8911d502-747a-4155-adcd-b03a1f284ee7 but not found: wmiexec.vbs
2021-09-08 20:47:49 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 571845f6-b75c-4b9d-a666-a78f7827261f but not found: cod.3aka3.scr
2021-09-08 20:47:50 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 571845f6-b75c-4b9d-a666-a78f7827261f but not found: cod.3aka3.scr
2021-09-08 20:47:50 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in d77838f6-d562-3480-ad29-2cbeee8b7b45 but not found: psexec.exe
2021-09-08 20:47:50 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in e4027dff-280b-4964-82be-b35a40c4a493 but not found: PsExec.exe
2021-09-08 20:47:50 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 0c752dce-9302-4465-805f-522650aece3f but not found: psexec.exe
2021-09-08 20:47:50 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in b15d3014-a5d1-4ec6-934b-d7fe44451192 but not found: uac-samcats.ps1
2021-09-08 20:47:50 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in b15d3014-a5d1-4ec6-934b-d7fe44451192 but not found: samcat.exe
2021-09-08 20:47:50 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in b15d3014-a5d1-4ec6-934b-d7fe44451192 but not found: uac-samcats.ps1
2021-09-08 20:47:50 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in b15d3014-a5d1-4ec6-934b-d7fe44451192 but not found: samcat.exe
2021-09-08 20:47:50 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 5beb978f-dce0-4ccd-b4fa-de47e0adb453 but not found: Java-Update.exe
2021-09-08 20:47:50 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 5beb978f-dce0-4ccd-b4fa-de47e0adb453 but not found: Java-Update.exe
2021-09-08 20:47:50 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 7e3a8de9-edb9-4df4-beef-9577c4562420 but not found: tiny.exe
2021-09-08 20:47:50 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 7e3a8de9-edb9-4df4-beef-9577c4562420 but not found: tiny.exe
2021-09-08 20:47:50 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 8bd3edc3-14ad-4e44-9e45-9ec8d43f374b but not found: pscp.exe
2021-09-08 20:47:50 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 8bd3edc3-14ad-4e44-9e45-9ec8d43f374b but not found: psexec.py
2021-09-08 20:47:50 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 8bd3edc3-14ad-4e44-9e45-9ec8d43f374b but not found: impacket_exe
2021-09-08 20:47:50 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 8bd3edc3-14ad-4e44-9e45-9ec8d43f374b but not found: plink.exe
2021-09-08 20:47:50 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 8bd3edc3-14ad-4e44-9e45-9ec8d43f374b but not found: tiny.exe
2021-09-08 20:47:50 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 8bd3edc3-14ad-4e44-9e45-9ec8d43f374b but not found: pscp.exe
2021-09-08 20:47:50 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 8bd3edc3-14ad-4e44-9e45-9ec8d43f374b but not found: psexec.py
2021-09-08 20:47:50 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 8bd3edc3-14ad-4e44-9e45-9ec8d43f374b but not found: impacket_exe
2021-09-08 20:47:50 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 8bd3edc3-14ad-4e44-9e45-9ec8d43f374b but not found: plink.exe
2021-09-08 20:47:50 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 8bd3edc3-14ad-4e44-9e45-9ec8d43f374b but not found: tiny.exe
2021-09-08 20:47:50 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 38d009be-4ba2-46dc-a321-8be05c07630c but not found: plink.exe
2021-09-08 20:47:50 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 38d009be-4ba2-46dc-a321-8be05c07630c but not found: plink.exe
2021-09-08 20:47:50 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 50cf48b9-2076-4efc-80f1-5b8f421ecae4 but not found: reverse.ps1
2021-09-08 20:47:50 - WARNING (data_svc.py:369 _verify_abilities) Payload referenced in 50cf48b9-2076-4efc-80f1-5b8f421ecae4 but not found: reverse.ps1Currently, I have the following plugins enabled:
plugins:
- access
- atomic
- compass
- debrief
- fieldmanual
- gameboard
- manx
- response
- sandcat
- stockpile
- training
- mock
- sslI had human and builder enabled as well, but disabled them by removing them from my conf.yml, yet the issue persisted.
uruwhy
commented
3 years ago So those missing payloads are all from the emu plugin. What version of CALDERA are you using? Those payload checks shouldn't be running on a plugin if that plugin is no longer enabled.
As for why certain payloads are missing - there are several reasons. The emulation plans purposefully excluded some payloads due to licensing restrictions, but those should be available online (e.g. tcping.exe and adfind.exe). Other payloads were downloaded directly to the target machine as part of a pre-condition during the actual adversary emulation and thus weren't included in the plugin - unfortunately you'd have to look for these as well. I can submit a ticket for providing some sort of auxiliary script that can automatically fetch those payloads that are available online, but we might not be able to get to it immediately.
Arszilla
commented
3 years ago So those missing payloads are all from the
emuplugin. What version of CALDERA are you using? Those payload checks shouldn't be running on a plugin if that plugin is no longer enabled.As for why certain payloads are missing - there are several reasons. The emulation plans purposefully excluded some payloads due to licensing restrictions, but those should be available online (e.g. tcping.exe and adfind.exe). Other payloads were downloaded directly to the target machine as part of a pre-condition during the actual adversary emulation and thus weren't included in the plugin - unfortunately you'd have to look for these as well. I can submit a ticket for providing some sort of auxiliary script that can automatically fetch those payloads that are available online, but we might not be able to get to it immediately.
I am using v3.1.0. I've installed it as it was instructed in the repo i.e.:
# cd /opt/
# git clone https://github.com/mitre/caldera.git --recursive --branch 3.1.0
# cd caldera
# pip3 install -r requirements.txt
# nano /conf/default.yml (In order to edit the default password(s) and API key(s))
# python3 server.py --insecureAfterwards, I enabled emu, ssl etc. via the GUI on Firefox.
All of this was done on Linux kali 5.10.0-kali8-amd64 #1 SMP Debian 5.10.40-1kali1 (2021-05-31) x86_64 GNU/Linux
uruwhy
commented
3 years ago As for why certain payloads are missing - there are several reasons. The emulation plans purposefully excluded some payloads due to licensing restrictions, but those should be available online (e.g. tcping.exe and adfind.exe). Other payloads were downloaded directly to the target machine as part of a pre-condition during the actual adversary emulation and thus weren't included in the plugin - unfortunately you'd have to look for these as well. I can submit a ticket for providing some sort of auxiliary script that can automatically fetch those payloads that are available online, but we might not be able to get to it immediately.
Arszilla
commented
3 years ago ... I can submit a ticket for providing some sort of auxiliary script that can automatically fetch those payloads that are available online, but we might not be able to get to it immediately.
That'd be great! It'd help out those who are new to adversary emulations i.e. junior red teamers as well as those looking to get the tools from a trusted/suggested source.
ColeVan
commented
3 years ago Any resolutions on this? I'm receiving the same errors for referenced payloads not found. Also having a big issue with human plugin. I'll open a separate issue on that.
mchan143
commented
3 years ago @Arszilla the above has been resolved in the most recent updates to the emu plugin. As noted in the updates to the README:
pyminizip must now be installed to decrypt some of the payloads within the Adversary Emulation Library download_payloads.sh auxiliary script has been provided and should be run prior to starting the CALDERA server to download payloads that are available online but could not be included in the repositories.It is recommended you pull the latest updates from the master branch, complete the two steps above, and relaunch the CALDERA server with the --fresh argument.
I'll be closing this issue but if you’re still having any problems, please feel free to re-open or start a new ticket.
ColeVan
commented
3 years ago After pulling the latest branch 4.0.0 Alpha, I'm unable to locate pyminizip or download_payloads.sh. Where are these scripts located?
mchan143
commented
3 years ago @ColeVan this update has been added to the emu plugin after the release of 4.0.0-alpha and is not currently included in the 4.0.0-alpha release. To access the updates, you'll want to navigate into the caldera/plugins/emu directory and run git checkout master followed by git checkout pull to ensure you have the most recent updates for the emu plugin.
ColeVan
commented
3 years ago Looks like that worked!
Greetings,
After installing Caldera and enabling a few plugins like
sslandemu, I saw the following messages in my terminal:I am unsure what the root cause is and the documentation over at readthedocs wasn't much of help.
I installed
calderaby cloning the repository as instructed and then configureddefault.ymlto change the credentials.Any ideas on what the root cause is?